(54) NETWORK CONNECTION DEVICE, COMMUNICATION UNIT AND NETWORK
CONNECTION METHOD 

(57) Abstract:

PROBLEM TO BE SOLVED: To provide a network 
connection device that attains a contents protection 
procedure between devices not connected to the same 
network. 

SOLUTION: A transmitter on a 1st IEEE 1394 bus 
transfers encrypted data to a receiver on a 2nd IEEE 
1394 bus via a synchronous channel #X, a network 
connection device and a synchronous channel #Y. When 
the receiver receives the encrypted data, it queries 
the network connection device for information about 
the transmitter. In response to this inquiry, the network 
connection device requests the information about the 
transmitter that is transmitting the data on the 1st IEEE 
1394 bus and passes the information it obtains to the 
receiver. The receiver then conducts the 
authentication/key exchange procedure directly with 
the transmitter on the basis of the received information. 
[Claims] 

[Claim 1] A network connection device that connects a first IEEE 1394 bus and a 
second IEEE 1394 bus, said device comprising: 

a data reception unit operable to receive data transferred from a 
transmission node connected to the first IEEE 1394 bus through a first synchronous 
channel or a first asynchronous stream channel on the first IEEE 1394 bus; 

a data transfer unit operable to transfer the data, through a second 
synchronous channel or a second asynchronous stream channel on the second IEEE 
1394 bus, to a reception node connected to the second IEEE 1394 bus; 

an inquiry reception unit operable to receive an inquiry from the reception 
node for information related to the transmission node, through a given packet on the 
second IEEE 1394 bus; 

an inquiry unit operable to make an inquiry to the transmission node, through 
a given packet on the first IEEE 1394 bus, for the information; 

a response reception unit operable to receive a response to an inquiry for the 
information from the transmission node through the given packet on the first IEEE 
1394 bus; and 

a response notification unit operable to notify the reception node of the 
response through the given packet on the second IEEE 1394 bus. 
[Claim 2] The network connection device according to Claim 1, 

wherein the given packet is one of a synchronous packet, an asynchronous 
stream and an asynchronous packet. 

[Claim 3] The network connection device according to Claim 1, 

wherein the response packet received by said response reception unit 
includes information which identifies the transmission node, as well as information 
which identifies a plug or a sub-unit of the transmission node utilized for transferring 
the data as information related to the transmission node. 

[Claim 4] The network connection device according to one of Claim 2 and Claim 3, 

wherein the reception node on the second IEEE 1394 bus is used for 
performing an authentication/key exchange procedure directly with the transmission 
node on the first IEEE 1394 bus based on the notified information. 

[Claim 5] A network connection device that connects a first IEEE 1394 bus and a 
second IEEE 1394 bus, said device comprising: 

a data reception unit operable to receive data transferred from a 
transmission node connected to the first IEEE 1394 bus through a first synchronous 
channel or a first asynchronous stream channel on the first IEEE 1394 channel; 

a data transfer unit operable to transfer the data to a reception node 
connected to the second IEEE 1394 bus, through a second synchronous channel or a 
second asynchronous stream channel on the second IEEE 1394 bus; 

an inquiry reception unit operable to receive an inquiry from the reception 
node for information related to the transmission node, through a given packet on the 
second IEEE 1394 bus; 

an inquiry unit operable to, when the inquiry is received, make an inquiry 
through a given packet on the first IEEE 1394 bus to the transmission node for the 
information, assuming that a virtual plug or sub-unit of the device itself receives the 
data of the first synchronous channel; 

a response reception unit operable to receive a response to the inquiry for 
information from the transmission node through the given packet on the first IEEE 
1394 bus; and 

a response notification unit operable to, when the inquiry has been received, 
notify the reception node, through the given packet on the second IEEE 1394 bus, of 
the response to the inquiry for information, a virtual plug or sub-unit of the device 
itself receives the data of the second synchronous channel. 
[Claim 6] The network connection device according to Claim 5, 

wherein the given packet is one of a synchronous packet, an asynchronous 
stream and an asynchronous packet. 

[Claim 7] The network connection device according to Claim 5, 

wherein the inquiry packet received by said inquiry reception unit includes 
information that identifies the reception node and information that identifies a plug or 
a sub-unit of the reception node used for the data transfer as information related to 
the reception node; and 

the response packet received by said response reception unit includes 
information that identifies the reception node and information that identifies a plug or 
a sub-unit of the reception node used for the data transfer as information related to 
the reception node; 

said network connection device further comprising: 

a first authentication/key exchange processing unit operable to perform an 
authentication/key exchange procedure between a virtual plug or sub-unit of the 
transmission node that has responded to the inquiry on the first IEEE 1394 bus, and 
the virtual plug or sub-unit of the device itself; and 

a second authentication/key exchange unit operable to perform an 
authentication/key exchange procedure between the virtual plug or virtual sub-unit of 
the device itself and a plug or sub-unit of the reception node on the second IEEE 1394 
bus. 

[Claim 8] The network connection device according to Claim 7, further comprising 

an encryption key information reception unit operable to receive information 
related to an encryption key relative to the plug or sub-unit from the transmission 
node on the first IEEE 1394 bus, after the authentication/key exchange procedure by 
said first authentication/key exchange processing unit has completed; and 

an encryption key information transfer unit operable to transfer the 
information related to the encryption key to the transmission node on the second 
IEEE 1394 bus, after at least a part of the authentication/key exchange procedure by 
said authentication/key exchange processing unit has completed. 
[Claim 9] The network connection device according to one of Claim 1 and Claim 5, 
further comprising: 

a storage unit operable to store correspondence among information that 
identifies the first synchronous channel or the first asynchronous stream channel, 
information that identifies the transmission node and information that identifies the 
second synchronous channel or the second asynchronous stream channel; and 

wherein said network connection device makes the inquiry for the information 
to the transmission node determined with reference to the correspondence stored in 
said storage unit, based on the information that identifies the second synchronous 
channel or the second asynchronous stream channel and is included in the information 
received by said inquiry unit. 

[Claim 10] A network connection device that connects a first network and a second 
network, the first network using one or more encryption keys for transmission and/or 
reception of encrypted data between nodes connected to the same network, and the 
second network using an identical encryption key for transmission and/or reception of 
encrypted data between nodes connected to the same network and transmitting 
and/or receiving data through a given channel, said device comprising: 

a data reception unit operable to receive data transferred from a node 
connected to the first network; 

a data transfer unit operable to transfer the data to a node connected to the 
second network, through a given channel on the second network; 

an authentication request reception unit operable to receive an 
authentication request from the node connected to the second network; 

an inquiry unit operable to make an inquiry, when the authentication request 
has been received, to a node connected to the second network for information that 
identifies a channel that the node is receiving; 

a response reception unit operable to receive a response to the inquiry from 
the node connected to the second network; and 

an encryption key information reception unit operable to receive information 
related to an encryption key for data, from the node connected to the first network, 
which transmits the data which should be transferred to a channel on the second 
network identified by information included in the response received by said response 
reception unit, to said device itself; and 

an encryption key information transmission unit operable to transfer 
information related to the encryption key to a node on the second network. 
[Claim 11] The network connection device according to Claim 10, further comprising: 

a first authentication/key exchange processing unit operable to perform an 
authentication/key exchange procedure with the node connected to the first network 
which transmits, to said device itself, the data which should be transferred to the 
channel on the second network identified by the response; and 

a second authentication/key exchange processing unit operable to perform 
an authentication/key exchange procedure with the node on the second network to 
which the data should be transferred through the channel on the second network 
identified by the response. 

[Claim 12] A network connection device that connects a first network and a second 
network, 

wherein pieces of data which belong to different flows but have the same 
control information are encrypted with different encryption keys between the device 
itself and an arbitrary device on the first network, and 

data encryption of pieces of data having the same control information is 
carried out with the same encryption key between the device itself and an arbitrary 
device on the second network. 

[Claim 13] A communications device that receives data from a transmission node on 
another IEEE 1394 bus through a network connection device connected to the same 
IEEE 1394 bus as said communications device itself, said communications device 
comprising: 

a data reception unit operable to receive data transferred from the network 
connection device through one of a first synchronous channel and a first 
asynchronous stream channel on the same IEEE 1394 bus; 

an inquiry unit operable to make an inquiry to the network connection device, 
in the case where the received data is encrypted, through a given packet on the same 
IEEE 1394 bus, for information related to a transmission node of the encrypted data; 

a response reception unit operable to receive a response to the inquiry for 
the information from the network connection device through the given packet on the 
same IEEE 1394 bus, the information being acquired by the network connection device 
which has received the inquiry by making the inquiry for the information on the 
another IEEE 1394 bus; and 

an authentication/key exchange processing unit operable to perform an 
authentication/key exchange procedure directly with the transmission node on 
another IEEE 1394 bus, based on information included in the response received in said 
response reception unit. 

[Claim 14] A communications device that receives data from a transmission node on 
another IEEE 1394 bus through a network connection device connected to the same 
IEEE 1394 bus as the device itself, said communications device comprising: 

a data reception unit operable to receive data transferred from the network 
connection device through a first synchronous channel or a first asynchronous stream 
channel on the same IEEE 1394 bus; 

an inquiry unit operable to make an inquiry to the network device, in the case 
that the received data is encrypted, through a given packet on the same IEEE 1394 
bus, for information related to a transmission node of the encrypted data; 

a notification reception unit operable to receive a response to the inquiry 
which includes information related to the transmission node indicating that the 
network connection device is the transmission node, from the network connection 
device which has received the inquiry, through the given packet on the same 
IEEE 1394 bus, 

an authentication/key exchange processing unit operable to perform an 
authentication/key exchange procedure with the network connection device based on 
information included in the notification received by said notification reception unit. 
[Claim 15] A network connection method of connecting a first IEEE 1394 bus and a 
second IEEE 1394 bus, said method comprising the steps in which: 

a transmission node on the first IEEE 1394 bus transmits encrypted data 
through the first synchronous channel; 

the network connection device receives the encrypted data transferred from 
the transmission node through the first synchronous channel on the first IEEE 1394 
bus, and transfers this data to a reception node connected to the second IEEE 1394 
bus through a second synchronous channel on the second IEEE 1394 bus; 

the reception node receives the data transferred through the second 
synchronous channel on the second IEEE 1394 bus, and in the case that the data is 
encrypted, makes an inquiry to the network connection device through a given packet 
on the second IEEE 1394 bus, for information related to a transmission node of the 
encrypted data; 

the network connection device makes an inquiry for the information related 
to the transmission node to the transmission node through the given packet on the 
first IEEE 1394 bus, in the case that the network connection device has received the 
inquiry for the information from the reception node through the given packet on the 
second IEEE 1394 bus; 

the transmission node transmits a response to the inquiry for the information 
to the network connection device, through the given packet on the first IEEE 1394 bus, 
in the case that the transmission node has received the inquiry for the information 
from the network connection device through the given packet on the first IEEE 1394 
bus; 

the network connection device notifies the reception node of the response to 
the inquiry for the information through the given packet on the second IEEE 1394 bus 
in the case that the network connection device has received the response to the 
inquiry from the transmission node through the given packet on the first IEEE 1394 
bus; and 

the reception node performs an authentication/key exchange procedure 
directly with the transmission node based on information included in the notification. 
[Claim 16] A network connection method of connecting a first IEEE 1394 bus and a 
second IEEE 1394 bus, said method comprising the steps in which: 

a transmission node on the first IEEE 1394 bus transmits encrypted data 
through the first synchronous channel; 

the network connection device receives the encrypted data transferred from 
the transmission node through the first synchronous channel on the first IEEE 1394 
bus and transfers this data to a reception node connected to the second IEEE 1394 
bus through a second synchronous channel on the second IEEE 1394 bus; 

the reception node receives the data transferred through the second 
synchronous channel on the second IEEE 1394 bus and in the case that the data is 
encrypted, makes an inquiry to the network connection device for information related 
to the transmission node of the encrypted data through a given packet on the second 
IEEE 1394 bus, including information that identifies the reception node and information 
that identifies a plug or a sub-unit of the reception node which is utilized for the 
transfer of the encrypted data; 
in the case where the network connection device has received the inquiry for 
the information related to the transmission node from the reception node through the 
given packet on the second IEEE 1394 bus, the network connection device makes an 
inquiry for the information to the transmission node through the given packet on the 
first IEEE 1394 bus, assuming that a virtual plug or sub-unit of the network connection 
device receives the data on the first synchronous channel, and notifies the reception 
node of a response to the inquiry for the information through the given packet on the 
second IEEE 1394 bus, assuming that the virtual plug or sub-unit of the network 
connection device transmits the data on the second synchronous channel; 

in the case where the transmission node has received the inquiry for the 
information from the network connection device through the given packet on the first 
IEEE 1394 bus, the transmission node transmits a response to the inquiry for the 
information to the network connection device through the given packet on the first 
IEEE 1394 bus, the information including information that identifies the transmission 
node and information that identifies a plug or a sub-unit of the transmission node 
utilized for transferring the encrypted data; and 

an authentication/key exchange procedure is performed between the plug or 
sub-unit of the transmission node and the virtual plug or sub-unit of the network 
connection device, and an authentication/key exchange procedure is performed 
between the virtual plug or sub-unit of the network connection device and the plug or 
sub-unit of the reception node. 
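
The following Python simulation is an added example, not part of the patent text. It models the inquiry relay of Claims 1, 9 and 15: the network connection device maps the second-bus channel named in the receiver's inquiry to the first-bus channel and transmission node, queries that node, and returns its node and plug identifiers so the receiver knows its authentication/key exchange peer. Class, function and channel names are assumptions, and the consistency check on the answer is an addition the claims do not state.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SourceInfo:
    node_id: str  # identifies the transmission node (Claim 3)
    plug_id: int  # identifies the plug or sub-unit used for the transfer (Claim 3)


class Transmitter:
    """Transmission node on the first bus (hypothetical model)."""

    def __init__(self, node_id, plug_by_channel):
        self.node_id = node_id
        self.plug_by_channel = plug_by_channel  # first-bus channel -> output plug

    def answer_inquiry(self, channel1):
        plug = self.plug_by_channel.get(channel1)
        return None if plug is None else SourceInfo(self.node_id, plug)


class Bridge:
    """Network connection device between the first and the second bus."""

    def __init__(self, bus1_nodes):
        self.bus1_nodes = bus1_nodes  # node_id -> Transmitter reachable on bus 1
        self.routes = {}  # Claim 9 storage unit: channel2 -> (channel1, node_id)

    def add_route(self, channel2, channel1, node_id):
        self.routes[channel2] = (channel1, node_id)

    def handle_inquiry(self, channel2):
        """Inquiry from the reception node: who sends the data on channel2?"""
        if channel2 not in self.routes:
            raise LookupError(f"no stream is relayed onto channel {channel2}")
        channel1, node_id = self.routes[channel2]
        info = self.bus1_nodes[node_id].answer_inquiry(channel1)
        # Added check (not in the claims): the answer must match the stored route.
        if info is None or info.node_id != node_id:
            raise ValueError(f"inconsistent answer for channel {channel1}")
        return info  # response notification to the reception node


def receiver_find_ake_peer(bridge, channel2, encrypted):
    """Reception node: only encrypted data triggers the inquiry (Claim 13)."""
    if not encrypted:
        return None
    return bridge.handle_inquiry(channel2)


def demo():
    # Constructed sample topology: two senders on bus 1, relayed onto bus 2.
    tx_a = Transmitter("node-A", {"X": 0})
    tx_b = Transmitter("node-B", {"W": 3})
    bridge = Bridge({"node-A": tx_a, "node-B": tx_b})
    bridge.add_route("Y", "X", "node-A")
    bridge.add_route("Z", "W", "node-B")
    return (receiver_find_ake_peer(bridge, "Y", True),
            receiver_find_ake_peer(bridge, "Z", True),
            receiver_find_ake_peer(bridge, "Y", False))
```
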
[0137] Here it is supposed that, unlike the first embodiment (which assumed that an 
authentication/key exchange on IEEE 1394 is performed per AV data flow or AV/C 
plug, and that a plurality of encryption keys can be used between the same nodes per 
flow or per plug), only one encryption key can be defined between the same nodes (in 
this example, between the second relay 2103 and the reception device 2104) on the 
second IEEE 1394 bus (2106). (However, for Never Copy content for example, even if a 
plurality of flows are being exchanged between the same nodes at the same time, the 
same encryption key will be used for the flows having the same copy control 
information. Copy control information is information that states how copies of the 
transmitted data are to be handled, for example "this data can be copied x amount of 
times," "this data cannot be written" and the like.) The same holds on the first 
IEEE 1394 bus (2105) side (and likewise between transmission device 2101 and first 
repeating installation 2102). In contrast, on the wireless LAN (2107), it is assumed that 
different encryption keys can be used between the same nodes per flow or per plug, in 
the same way as in the first embodiment. 